Hi Tarnak,
What is the DefenseWall status for CCE? I noticed that you ran KillSwitch Untrusted.
Thanks.
Hi Tarnak,
What is the DefenseWall status for CCE? I noticed that you ran KillSwitch Untrusted.
Thanks.
What is a file size limit?? I have a gg.exe (Gadu-gadu), size file is a 12MB, verdict is a “FLS Absent”. Verdict DACS is a “File tool Large”.
Hi JoWa, I have the CCE folder as trusted, but for some reason I can’t get the CCE and Killswitch exe’s to run as trusted. I must be doing something wrong with the settings in DW.
I tried (on a virtual system) to right-click on CCE.exe and KillSwitch.exe > DefenseWall > Run as trusted. Or, DefenseWall > Change status to trusted, and then run it. Works for me.
That is what I do, but then it becomes untrusted as per… ??? :-[
[attachment deleted by admin]
same problem here.
windows vista sp2 32 bit , sandboxie , norton av 2011 , cis5.3
and the full scan is way tooo long!! , it took almost 7 hours to finish !!!.
I have about 120 gigabyte of data stored on the hard-drive.
[attachment deleted by admin]
And also in the results page it says it’s a DACS error and timeout results !!!
how come the DACS get a result after timing out error message ??!
by the way , these are false positive.
[attachment deleted by admin]
I have worked it out…I had to go and change all the .cav extensions in the scanners folder to Defensewall > Change status to trusted. I will try running a scan tomorrow.
P.S I checked the DW events log, and found the problem, highlighted.
[attachment deleted by admin]
My OS is WinXP SP3, with CIS5 (AV Disabled), Emisoft Antimalware (AV only), Zemana Antilogger.
I opened Killswitch and tried to end A2service.exe (a component of Emisoft AM) via Terminator. The first time the results were a red X for TP1, TP2, Green check for TT1. Process still was running.
I ran Terminator a second time and got a green check for Tp1. Process still runs.
I then double clicked all the ID’s, got all green checks- Process still runs.
It is ending the process; it’s just restarting each time you do it. Check if the PID is changing.
[attachment deleted by admin]
i dont if it is a bug i had but the terminator failed to terminate two processes of trusted programs:
i was in skype and then it crashed and i couldnt log into it again because the process was still running, so i started killswitch and tried to terminate it
terminator ran all tasks with a red cross in front of it
after this i started a program to make a screenshot for you to show it to you but the programm also crashed after some pop-ups by defense+ and tried to terminate it too but it couldnt be terminated to
so i think there should be some stronger methods to terminate processes if its possible
It sounds like you have a bad driver or a rootkit, which is causing programs to hang in kernel-mode. There is no safe way to terminate processes in this state.
Or you may have simply blocked KillSwitch with your AV, accidentally…
I guess this is more of a false positive, but I think CCE should have shown the registry keys in the results summary, but it didn’t and “disinfected” them on reboot, so that seems like a bug to me.
Edit: cce_1.2.174769.31_x32
EDIT: The only bug here is my vision! I didn’t read the part that said when CCE wanted to reboot: “will continue to search” Yeesh I guess I should learn to read before clicking away!
My apologies! I did reinstall the same program (Vmware converter) that the original registry keys were from and this time it did not detect and disinfect them, so seems to me everything worked as it should.
Thank you for such a great program!
[attachment deleted by admin]
[attachment deleted by admin]
The file exist; you have to enable option "Show hidden files, folders and drives: Start → Computer → Organize - > Folder and search options → View tab.
1. Your Operating System (32 or 64 bit) and Service Pack revisionWindows 7 ultimate, 32bit, Service Pack: N/A
2. Other Security and Utility Software InstalledCIS Version 5.3.174622.1216 Virus Database: 7289
3. Step by step description to reproduce the issueThe problem is "Kill Switch" Version 1.2174769.31 Palemoon browser (firefox varient) 3.6.13 http://www.softpedia.com/progDownload/Pale-Moon-Download-141741.html
also another similar bug, Follow the same as step (1 - 4)
5) on step 5, click on the black highlighted one
6) click on “properties” 5 times
7) click on O.K.
8) click on “security”
9) Now your stuck with that screen
4. How you tried to resolve the problemOnly if you right click on the "killswitch" icon by the "startmenu" and click on close. <--Only then it will close
5. Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory dump) <--This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not required but very very helpfull) (((If you don't want to post the link to the memory dump, then PM a Mod with the link for the dump))))There was NO crash and I didn't force a memory dump either, but if you like I can restart the computer, repoduce the bug and then force a memory dump, if needed :)
6. Attach screenshots to your posts to clarify the issue furtherThere's 4 pictures
7. Any other information you think that might be usefulThis only seems affects items that say "analyzing" and have highlighted items
===============================================================
P.S. On a totally separate issue, Correct me if I’m wrong, If you look at The first picture Under “Verdict”. The word "analysing should be spelled "analyzing. The letter “s” needs to be replaced with “z”
[attachment deleted by admin]
I’m already aware of this bug. It’s related to file objects opened for synchronous I/O.
I'm already aware of this bug. It's related to file objects opened for synchronous I/O.
I’ll check to see if it’s been reported before I post one (From Now On) <–Sorry, I wasn’t thinking of that, It took me 10 minutes to figure out how to reproduce it step-by-step. I just posted it without thinking twice
No, it hasn’t been reported here before. I meant, as the developer of Process Hacker, I’m aware of this issue. Just letting you know.